Failing to secure DNS is 'savage ignorance': Geoff Huston

In order to get DNSSEC to work you need to have the DNS server updating the registry. If you are a registrar then you only need to implement the practically unique way each registry does this (because following the EPP standard is not even close to universal, or even the majority). If you are instead a registrant then you've got to follow whatever unique API your registrar has provided to do this.

If you have a few hundred domains spread out over several registrars for several different top level domains, what you have is a nice mess that you have to create a custom solution to on top of just getting the DNS software to do the signing, rolling the key, watch for the key to go live at the registry, and so on.

Naturally if you have a domain and your registrar is also your DNS provider, then getting DNSSEC is easy. Just switch to one that will do it.